Sunday, February 05, 2012

Your personal information for sale: Irish Rail edition

Today's Sunday Independent reveals that a private investigator acting for Irish Rail illegally accessed staff bank accounts, while the company also monitored staff email and placed a GPS tracking device on the car of an individual working for a contractor:

A statement issued by the Data Protection Commissioner's office this weekend said Irish Rail "acknowledged" the "unacceptable level of surveillance" on employees: "It was apparent to the investigation that one senior manager at Irish Rail authorised the surveillance and accessing of bank accounts without the knowledge or approval of management."

The investigation found "that the private bank accounts of nine employees or former employees of Irish Rail were inappropriately accessed in 2007. The bank accounts were held in four different financial institutions".

Because of the passage of time, the investigation was unable to identify "precisely how or when" employee bank accounts had been accessed. "In one case, however, the investigation did find evidence of an unsuccessful attempt by an individual by means of a telephone call to obtain bank statement information in respect of one of the bank accounts concerned," the statement said.

"The investigation was satisfied that this attempt to inappropriately access bank account information was made by an individual phoning from outside of the State."

The statement continued: "It also emerged that the individual who played the key role in accessing information from the bank accounts was operating from outside of this jurisdiction and that he is since deceased."

The investigation was also told how a GPS tracking device was fitted on the car of an employee of a contractor of Irish Rail, and the emails of 35 employees were monitored.

The investigation into the data protection breach at Irish Rail remains "open".